Skip to main content

Rsvpmaker

10 CVEs product

Monthly

CVE-2023-25054 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rsvpmaker
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-25045 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-27617 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsvpmaker
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27616 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsvpmaker
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29095 HIGH This Week

Auth. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1768 CRITICAL POC THREAT Emergency

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.1%.

SQLi PHP WordPress Rsvpmaker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
86.1%
Threat
6.0
CVE-2022-1505 CRITICAL PATCH Act Now

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP WordPress Rsvpmaker
NVD VulDB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-1453 CRITICAL POC PATCH THREAT Act Now

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.

SQLi PHP WordPress Rsvpmaker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
62.1%
Threat
5.3
CVE-2021-24371 LOW POC Monitor

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP SSRF Rsvpmaker
NVD WPScan
CVSS 3.1
2.7
EPSS
1.0%
CVE-2019-15646 CRITICAL Act Now

The rsvpmaker plugin before 6.2 for WordPress has SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Rsvpmaker
NVD
CVSS 3.0
9.8
EPSS
2.3%
EPSS 1% CVSS 10.0
CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rsvpmaker
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsvpmaker
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsvpmaker
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Auth. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
EPSS 86% 6.0 CVSS 9.8
CRITICAL POC THREAT Emergency

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.1%.

SQLi PHP WordPress +1
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP WordPress +1
NVD VulDB
EPSS 62% 5.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.

SQLi PHP WordPress +1
NVD GitHub VulDB
EPSS 1% CVSS 2.7
LOW POC Monitor

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP SSRF +1
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL Act Now

The rsvpmaker plugin before 6.2 for WordPress has SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Rsvpmaker
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy